CVE-2019-0155
Published: 12 November 2019
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
From the Ubuntu security team
It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges.
Priority
High
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-70.79)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-36.39)
|
|
| eoan |
Released
(5.3.0-23.25)
|
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| precise |
Not vulnerable
(3.0.0-12.20)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-169.198)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.58)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1022.25)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-1059.63)
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1099.110)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1022.25~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1056.58~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1027.29~18.04.1)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1027.29)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.15.0-1064.69~14.04.1)
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1064.69)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1008.9~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1026.27~18.04.1)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1026.27)
|
|
| eoan |
Released
(5.3.0-1009.10)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1050.53)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1009.10~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was needs-triage now end-of-life)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1049.52)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1026.27~18.04.2)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-36.39~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-70.79~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-23.25~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1051.51)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1023.25)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1063.70)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Not vulnerable
(3.13.0-24.46~precise1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-169.198~14.04.1)
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1064.73)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(4.15.0-1064.73)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1002.4)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1028.32)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(5.0.0-1028.32)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1030.33)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1008.13)
|
|
| eoan |
Released
(5.3.0-1007.8)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1030.33~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1008.13~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1052.56)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1023.24)
|
|
| eoan |
Released
(5.3.0-1014.16)
|
|
| focal |
Ignored
(was needed now end-of-life)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1126.135)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1069.76)
|
| cosmic |
Does not exist
|
|
| disco |
Released
(5.0.0-1027.29)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1130.138)
|
Notes
| Author | Note |
|---|---|
| tyhicks | This issue only affects IntelĀ® Graphics Processing Units |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0155
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html
- https://ubuntu.com/security/notices/USN-4183-1
- https://ubuntu.com/security/notices/USN-4184-1
- https://ubuntu.com/security/notices/USN-4185-1
- https://ubuntu.com/security/notices/USN-4186-1
- https://ubuntu.com/security/notices/USN-4186-2
- https://ubuntu.com/security/notices/USN-4185-3
- https://ubuntu.com/security/notices/USN-4183-2
- https://ubuntu.com/security/notices/USN-4186-3
- https://ubuntu.com/security/notices/USN-4184-2
- NVD
- Launchpad
- Debian